Module 4: Resolving File and Folder Issues

Module 4: Resolving File and Folder Issues
Contents Overview Lesson: Managing Files and Folders Lesson: Troubleshooting Access to Files and Folders Lesson: Troubleshooting Access to Shared Files and Folders Lesson: Troubleshooting Access to Offline Files Lab: Resolving File and Folder Issues 1 2 21 33 49 66
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveX, ClearType, Direct3D, DirectDraw, DirectInput, DirectMusic, DirectPlay, DirectShow, DirectSound, DirectX, FrontPage, MSDN, MSN, Outlook, PowerPoint, the Windows logo, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
iii
Instructor Notes
Presentation: 110 minutes Lab: 15 minutes This module enables students to identify and resolve file and folder issues. After completing this module, students will be able to:
! ! ! !
Manage files and folders Troubleshoot access to files and folders Troubleshoot access to shared files and folders Troubleshoot access to offline files and folders
Required materials
To teach this module, you need following materials:

! !
Microsoft PowerPoint file 2261A_04.ppt presentation. The Permissions States multimedia activity.
Students need several files to complete the practices in this module. These files can be found in subfolders contained within the following parent folder: C:\Program Files\Microsoft Learning\2261\Practices\. The required files and folders are:
! ! ! !
Compression.doc Encryption folder contains Encryption.doc AccessDenied1.doc and AccessDenied2.doc Recover.doc
Preparation tasks
To prepare for this module:

! !
Read all of the materials for this module. Read the associated materials in the Knowledge Base and other online resources, as referred to in the text. Complete the practices and the lab. Review the Permissions States activity.
! !
iv
How to Teach This Module

This section contains information that will help you to teach this module.
Multimedia
The multimedia files are installed on the instructor computer. To open a multimedia presentation, click the animation icon on the slide for that multimedia presentation.
Lesson: Managing Files and Folders

This section describes the instructional methods for teaching this lesson. Types of Files and Folders How to Filter Audit Logs for Files and Folders What Is File Compression? How to Compress and Decompress Files, Folders, and Volumes What Is EFS? How to Enable and Disable Encryption What Is an EFS Recovery Agent? How to Troubleshoot File and Folder Management Issues Practice: Configuring Files and Folders This topic provides the student with basic knowledge about files and folders including information on hidden files and folders, associating extensions, and sharing. This topic provides the steps to filter audit logs for files and folders. Students may already know what an audit log is, however, you must teach them how to filter file-related and folder-related security settings. This topic covers the two types of compression tools available to the user.
This topic provides the steps that enable the student to compress files and folders using both the NTFS compression and the .zip format.
This topic explains the Encrypting File System (EFS) as it pertains to accessing files with NTFS and EFS issues. This topic provides the student with a step-by-step method for enabling encryption on files and folders for both the local computer and the domain as a whole. This topic covers the creation of a recovery agent certificate and the designation of a recovery agent. This topic covers troubleshooting files and folders in Microsoft Windows Explorer with regard to compressed files and folders.
The students must run a script to copy a folder structure with some files in the folders from the instructors computer. Per a scenario, the students must configure compression on some files and secure other files with EFS.
Lesson: Troubleshooting Access to Files and Folders

This section describes the instructional methods for teaching this lesson. NTFS File and Folder Permissions This topic details the standard permissions available for files and folders. There is a note for an optional activity titled Permissions States at the end of this topic. If students are confused by permissions, have them perform the activity. If the students perform the activity, tell them to study the definitions on the opening screen. This provides them with the information they need to answer the questions on the following screens. This topic explains how to verify file and folder permissions on an NTFS volume. Owner and administrator file and folder rights are also covered. This topic details how to access the effective permissions dialog box, enabling the student to check effective permissions. This topic lists common file and folder actions that can create support issues.
How to Verify NTFS File and Folder Permissions How to Determine Effective Permissions How to Troubleshoot Access to Files and Folders Practice: Troubleshooting File and Folder Access
In this practice, students compress a file using NTFS compression and secure a folder and its contents using EFS. This practice is self-directed.
Lesson: Troubleshooting Access to Shared Files and Folders

This section describes the instructional methods for teaching this lesson. What Are File and Folder Sharing? How to Share Files and Folders How to Determine Effective Permissions How to Map a Network Drive What Is a Shadow Copy? How to Restore from a Shadow Copy How to Troubleshoot Access to Shared Files and Folders This topic explains the two sharing models in the Microsoft Windows operating systems. This topic lists the steps to share files, folders, and drives across a network.
This topic covers the steps to determine the maximum and effective permissions a user has for a file on an NTFS volume. This topic explains three common procedures for mapping network drives.
This topic details the use of shadow copies to maintain a set of previous versions of files. This topic explains how to recover a deleted, overwritten, or corrupted file by accessing a previous version. This topic also covers the recovery of folders. This topic covers common support issues involving access to shared files and folders.
vi
Practice: Troubleshooting File and Folder Sharing
In this practice, students determine the effective NTFS permissions that are applied to a file and use shadow copy to recover a previous version of a document. The graphic on the page illustrates two shared folders that contain folders or files that have been assigned NTFS permissions. Tell students to study each example and determine a users effective permissions. Review the questions and answers at the end of this exercise, and have students discuss their answers. In the second part of this practice, students use shadow copy to recover a previous version of a document. This part is self-directed. Shadow copy has been enabled, and the shadow copy client (ShadowCopyClient.msi) has been installed on the student computers. Important Before students begin this exercise you must enable redirection of the students My Documents folders to London by using a Group Policy Object (GPO). The GPO is called UserFolderRedirect. To enable the UserFolderRedirect GPO: 1. Log on to the domain controller as Administrator with the password P@ssw0rd. 2. Click Start, click Administrative Tools, and then click Active Directory User and Computers. 3. Right-click nwtraders.msft, and then select Properties. 4. Click the Group Policy tab. 5. Select UserFolderRedirect, and click Options. 6. Clear the Disabled check box, and then click OK. 7. In the nwtraders.msft Properties dialog box, click OK. After you enable the GPO, ensure that students run the command-line tool gpupdate, and then log off and back on the domain. Important When this practice is complete, you must disable folder redirection of the users My Documents folder to prepare for a later practice. After the students have copied the Recover.doc file to My Documents, create a shadow copy. To create a shadow copy: 1. In My Computer, right-click Local Disk (C:), and then click Properties. 2. In Local Disk (C:) Properties, click the Shadow Copies tab. 3. Click Create Now. 4. After the copy is created, click OK in the Local disk (C:) Properties dialog box, and instruct the students to complete the practice.
vii
To disable redirection from the London computer: 1. Log on to the domain as Administrator with the password P@ssw0rd. 2. In Active Directory User and Computers, right-click nwtraders.msft, and then select Properties. 3. On the Group Policy tab, select UserFolderRedirect, and click Options. 4. Check Disabled, click Yes in the Confirm Disable dialog box, click OK in the userfolderredirect Properties box, and then click OK in the nwtraders.msft Properties dialog box. 5. In the nwtraders.msft Properties dialog box, click OK.
Lesson: Troubleshooting Access to Offline Files

This section describes the instructional methods for teaching this lesson. What Are Offline File Settings? How to Configure Offline Files Settings What Is Synchronization of Offline Files? What Is File Caching? How to Cache Settings for Shared Folders What Is the Folder Redirection Process? How to Troubleshoot Access to Offline Files Practice: Troubleshooting Access to Offline Folders This topic explains how offline files are used in a network environment. Additionally, the offline files system folder is discussed. This topic details the steps necessary to configure a computer to use offline files and make shared files available offline. It also covers how to adjust offline file settings. This topic explains how offline files and folders are synchronized when you log off and on to the network. It also details operations Windows conducts for offline file actions. This topic discusses pinning a file to your local file cache. Is also covers the benefits of file caching. This topic explains the three possible cache settings.
This topic lists the advantages to redirection as well as the file folders that can be redirected. This topic covers common support issues with regard to offline files, synchronization, and encryption. In the first part of this practice, students configure a shared folder and its contents to be available offline using offline files, and they will configure the amount of disk space to use for temporary offline files. This part of the practice is self-directed. In the second part of this practice, students check to see if their My Documents folder has been redirected to London. Redirection is currently disabled on London, so they will find that their My Documents folder is local. After they verify that the folder is local, you must enable redirection of users My Documents folder to a central shared folder on London.
viii
To enable redirection: 1. Log on to the domain as Administrator with the password P@ssw0rd. 2. In Active Directory Users and Computers, right-click nwtraders.msft, and then click Properties. 3. On the Group Policy tab, select UserFolderRedirect, and then click Options. 4. Deselect Disabled, and then click OK. 5. In the nwtraders.msft Properties dialog box, click OK. After you enable redirection, tell students to log off of the domain and log on again. Then tell them to determine whether the My Documents folder is being redirected. They will discover that it is being redirected to London. When this practice is complete, you must disable folder redirection of the users My Documents folder. To disable redirection: 1. Log on to the domain as Administrator with the password P@ssw0rd. 2. Click Start, click Administrative Tools, then click Active Directory Users and Computers. 3. Right-click nwtraders.msft, and then select Properties. 4. Click the Group Policy tab. 5. Select UserFolderRedirect, and click Options. 6. Check Disabled, click Yes in the Confirm Disable dialog box, click OK in the User Folder Redirect dialog box, and then click OK in the nwtraders.msft Properties dialog box.
Lab: Resolving File and Folder Issues

In this lab, students examine a sample phone call from a customer and determine the best solution for the customer. Facilitate a class discussion, and encourage students to ask questions to help them gather details about the problems. Provide feedback on the types of questions the students ask, particularly if questions seem to be random guesses rather than a systematic approach to solving the problem.
Overview
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Microsoft Windows XP and Windows 2000 Professional include several tools and features that enable users to better manage their files and folders. As a desktop support technician (DST), you may be called on to support customers who are attempting to perform file and folder management tasks, such as compressing files, enabling and disabling encryption, verifying permissions, or specifying access to files and folders. You must be familiar with these tasks to identify potential issues and suggest solutions to your customers problems. In this module, you will learn how to support your customers in resolving file and folder issues both locally and across a network. Objectives After completing this module, you will be able to:
! ! ! !
Manage files and folders Troubleshoot access to files and folders Troubleshoot access to shared files and folders Troubleshoot access to offline files and folders
Lesson: Managing Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You receive a call from a customer who says, When I start my virus check program, it cannot check all the files on my hard disk and I get Access Denied error messages. I am using EFS and my wife also has an account on this computer. How would you respond? Lesson objectives After completing this lesson, you will be able to:
! ! ! ! ! ! !
Explain the types of files and folders Filter audit logs for files and folders Explain file compression Compress files, folders, and volumes Explain EFS Enable and disable file encryption Explain EFS recovery agents
Types of Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction One primary purpose of the operating system is to provide access to information that is located in files on storage devices. A file is a collection of data that has a name, called a file name. You can use the operating system to logically group files into objects called folders. Windows XP and Windows 2000 Professional provide access to the following types of files and folders:
! !
Types of files and folders
Local. Files and folders that are stored on the local computer. Shared. Files and folders that are shared between users. These files and folders may be shared from another computer or over the network. Offline. Files and folders from network shares that are available when you are not connected to the network. When you enable a shared file or folder for offline use, Microsoft Windows caches a copy of that file or folder on the hard disk of your local computer so that while you are disconnected from the network, you can work with the local copy exactly as though it were the original. When you reconnect to the network, Windows synchronizes your cached files with the remote counterpart, so that the file or folder is current on both your local computer and the remote network share.
Note Offline files and folders are available only on Windows XP Professional.
What are file name extensions?
A file name extension is a set of characters at the end of a file name that describes the type of information that is stored in the file. For example, in the file name winword.exe, the .exe extension indicates that this is an executable file. A file name extension can also indicate which application is associated with the file. For example, in the file name mydocument.doc, .doc is the extension that indicates that this is a Microsoft Word file. When Windows XP or Windows 2000 Professional accesses a file, it compares the file name extension to a list of installed applications to launch the appropriate application for viewing that file. This process of matching an extension to an application is referred to as file association. File association determines which application will run or open the file by default.
How to change file associations
When Windows is unable to associate a file with an application, or the current association for a specific extension is incorrect, you can change the file association manually. To change a file name extension: 1. Click Start, click All Programs, click Accessories, and then click Windows Explorer. 2. On the menu bar, click Tools, and then click Folder Options. 3. On the File Types tab, in the File Types list, select the file that you want to change, and click Change. 4. Click Open With. 5. In the Open With dialog box, choose an application from the Programs list box to use when the file type is accessed. Click Browse to search the computer for other application executables that are not shown in the Programs list box.
What are file and folder attributes?
You can define the following attributes, or settings for files and folders in Windows 2000 Professional and Windows XP:
! !
Read-only. File that can be read only; it cannot be changed or deleted. Hidden. File that is hidden from viewing. This protects the resource from unintended access. Windows 2000 Professional and Windows XP hide critical system files and folders to protect them from deletion or modification. You can view hidden files and folders by selecting the option to show hidden files and folders in the Folder Options dialog box in the View tab. Ready for Archiving. File that has not been backed up recently. When a backup utility backs up a resource, it marks the resource as archived. If the resource changes in any way, the archived flag is removed.
Protected folders
In addition to the hidden file attribute, Windows XP displays a warning message when the following critical files are accessed:
!
System volume. The entire system volume is protected from access by users with limited rights Program Files. This folder contains the majority of application-specific files on the system and is therefore protected Windows. The system folder contains the operating system and is protected
Note Any user can access hidden resources and protected folders if the appropriate steps are taken and the user is not blocked by a policy. Windows 2000 Professional does not hide system files by default.
How to Filter Audit Logs for Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Windows XP Professional and Windows 2000 Professional include auditing, which enables you to monitor the users that access resources on a computer. Auditing records access to files and folders in the Event Viewer security log. For information on how to enable auditing, see How to Audit Events in Module 3, Resolving Desktop Management Issues, in Course 2261, Supporting Users Running the Microsoft Windows XP Operating System. Note In Windows XP Home Edition, security auditing is enabled for certain events; however, because Windows XP Home Edition does not include Local Security settings, you cannot change which events are audited unless you use a tool such as Auditpol.exe, which is included in the Windows 2000 Resource Kit. Filtering log events You can filter audit logs in the Security section of the Event Viewer by: event type, event source, category, event ID, user, computer, or time and date. To filter log events: 1. Click Start, and then click Control Panel. 2. Click Performance and Maintenance, click Administrative Tools, and then double-click Event Viewer. 3. Click Security, and select the log that contains the event that you want to view. 4. On the View menu, click Filter. 5. On the Filter tab, specify the filter options that you want, and then click OK.
Only events that match your filter criteria are displayed in the details panel. To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults. Additional reading For more information on filtering log events, see article 308427 in the Microsoft Knowledge Base.
What Is File Compression?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To conserve space on a hard disk, you can use file compression, which is a mathematical process that is performed by the operating system on files and folders to reduce their size. In Windows XP and Windows 2000 Professional, file compression is called NTFS compression. Microsoft Windows NT, Windows 2000 Professional, and Windows XP use a file system called NTFS. NTFS provides better performance, reliability, and security than the file allocation table (FAT) file system that is used in earlier versions of Windows. NTFS manages access to data that is stored within a volume and provides security for those resources. NTFS compression allows files, folders, and entire volumes to be compressed to save disk space. Limitations of NTFS compression There are limitations when using NTFS compression to manage space on a hard disk:
!
Definition of NTFS
Compressed files must be decompressed by the operating system when they are accessed. This can slow down access to these files. NTFS compression is incompatible with NTFS encryption. A file can be compressed or encrypted, but not both. Reduction in file size caused by compression is not considered when disk quota limitations are calculated. For example, a 100-megabyte (MB) file that has been compressed to 80 MB is still measured as being 100 MB in size for purposes of filling a disk quota. NTFS compression does little to reduce the sizes of files that are already compressed, such as audio files, .zip format files, and compressed image files.
How to Compress and Decompress Files, Folders, and Volumes
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In addition to compressing files and folders, you can compress an entire volume. This is generally applied to large data storage volumes that contain archived data. Because archived data is seldom used, compression saves space and allows for more content storage on the volume. Note Windows XP and Windows 2000 Professional cannot compress files that are open; verify that the files are closed before you try to compress them. How compression is applied Consider the following when working with compressed files and folders:
! ! !
If you create a new file in a compressed folder, the new file is compressed. If you copy a file into a compressed folder, the file is compressed. If you move a file from a different NTFS volume into a compressed folder, the file is compressed. If you move a file into a compressed folder on the same NTFS volume, the file retains whatever compression setting it had originally and is not automatically compressed. If you move a compressed file into an uncompressed folder on the same NTFS volume, the file retains the compressed attribute. However, if you move a compressed file to an uncompressed folder on a different NTFS partition, the file loses the compression attribute.
10
Compressing a file or folder
To compress a file or folder by using NTFS compression: 1. In Microsoft Windows Explorer, right-click the file or folder you want to compress, and then click Properties. 2. On the General tab, click Advanced. 3. Select Compress contents to save disk space, and then click OK. If you select a folder, a dialog box is displayed that asks whether to apply compression to the folder or to its contents also.
Compressing a volume
To compress a volume by using NTFS compression: 1. In Windows Explorer, right-click the volume you want to compress, and then click Properties. 2. On the General tab, select Compress drive to save disk space. By default only files in the root directory of the volume are compressed automatically. 3. To have Windows compress all folders on the drive, select Also compress subfolders in the message box that appears.
Verifying NTFS compression
To verify that a file or folder has been compressed: 1. Right-click the file or folder and then click Properties. 2. On the General tab, click Advanced. If the Encrypt contents to secure data check box is selected, the file or folder is encrypted. Windows XP displays NTFS compressed files in blue by default. To set this option in both Windows XP and Windows 2000 Professional: 1. In Windows Explorer, on the Tools menu, click Folder Options. 2. On the View tab, in the Advanced Settings list, select Show encrypted or compressed NTFS files in color check box.
11
What Is EFS?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction If you have sensitive or confidential data, you may can prevent others from viewing the data. In Windows XP Professional and Windows 2000 Professional, you can protect files and folders by using the Encrypting File System (EFS). EFS is not available in Windows XP Home Edition. EFS encodes your files so that, even if someone is able to obtain the file, the person cannot read it. The files can be read only when you log on to the computer by using your user account and password. Windows uses your user accounts public key to create a file encryption key (FEK) that can be decrypted only by your personal encryption certificate, which is generated from your user accounts private key. EFS restrictions There are two restrictions when implementing EFS:
! !
You cannot use EFS on storage volumes that are not formatted with NTFS. You cannot use EFS to encrypt a file that has been compressed with NTFS compression.
EFS versus NTFS
Although NTFS manages access to file system resources in Windows or on an internal network, when you have a dual-boot configuration, NTFS permissions can be circumvented by the second operating system. This issue is especially pertinent to portable computers because they can easily be moved or stolen, which would enable a second installation of Windows to be installed as a dual boot. The protected NTFS files would then be accessible on the second installation of Windows. EFS addresses this security gap by requiring you to enter your user account and password information before it will encrypt a file. In a dual-boot environment, the EFS protected files would still be inaccessible.
12
Troubleshooting tip
When an unauthorized user attempts to access an EFS-encrypted resource, the user receives an access denied message. This message is similar to what a user experiences when he attempts to access an NTFS resource that he does not have permission to access. As a DST, you may receive calls from customers who are attempting to access encrypted data, and they may not understand why they are not able to access certain files. To recommend an appropriate solution, you must determine whether their files are encrypted or if they have the proper NTFS permissions.
Verifying EFS encryption
Windows XP displays the names of encrypted files in green by default, but you can change this setting. To verify that a folder or file is encrypted: 1. Right-click the file or folder and then click Properties. 2. On the General tab, click Advanced. If the Encrypt contents to secure data check box is selected, the file or folder is encrypted. Note In Windows 2000 Professional, encrypted files are displayed in black text.
13
How to Enable and Disable Encryption
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Encrypting a file or folder In Windows XP and Windows 2000 Professional, you can use Windows Explorer to encrypt or disable encryption on individual files or folders. To encrypt a file or folder: 1. In Windows Explorer, right-click the file or folder, and then click Properties. 2. On the General tab, click Advanced. 3. In the Advanced Attributes dialog box, select Encrypt contents to secure data. 4. Click OK twice. If the file or folder contains any files or subfolders, the operating system displays a confirmation message asking if you want to apply the changes to the folder only or also to subfolders and files. If you select Apply changes to this folder only option, the operating system will not encrypt any of the files that are in the folder. However, any new files that you create in the folder, including files that you copy or move to the folder, will be encrypted. Also, receiving an error message when you attempt to encrypt or access an encrypted file or folder may indicate that EFS has been disabled on your computer. Tip It is a best practice to encrypt folders rather than individual files. Encrypting files without encrypting the folder weakens EFS security. For example, when you open a document in an unencrypted folder for editing in certain applications, the application creates a copy of the original document. When you save the document after you edit it, the application saves the copy, which is not encrypted, and deletes the original, encrypted document. If the entire folder is encrypted, the new copy of the file will also be encrypted.
14
Enabling or disabling EFS locally
You can disable or enable EFS on a particular computer, as long as the computer is not part of a domain. To enable or disable EFS: 1. Click Start, and then click Run. 2. In Run dialog box, type cmd to open a command prompt. 3. Type regedit to open the Registry Editor. 4. Open the HKLM\Software\Microsoft\Windows NT\ CurrentVersion\EFS key. 5. Click Edit, click New, then click DWORD Value. 6. Type efsconfiguration as the name for the new value. 7. Double-click the new value, and change its value to 1 to disable EFS or 0 to enable EFS. 8. Restart the computer.
Enabling or disabling EFS for the domain
You can also enable or disable EFS for a Microsoft Windows 2000 Server and Windows Server 2003 Active Directory directory service by using Group Policy. For the detailed steps in this process, see article 222022 in the Microsoft Knowledge Base.
15
What Is an EFS Recovery Agent?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction An EFS recovery agent is a user account that is explicitly granted rights to recover encrypted data. The purpose of a recovery agent is to allow a company to recover encrypted files on a company resource at any time. To grant a user account recovery agent rights, an administrator must first generate a recovery agent certificate. This certificate grants permission to the user account to access encrypted resources. After the recovery agent rights are granted, the certificate should be removed from the computer or domain and stored in a safe place. You must create a recovery agent certificate before a resource is encrypted to allow the user account to access this resource. Files and folders that are encrypted before a recovery agent certificate has been created cannot be accessed by that recovery agent certificate. Generating a recovery agent certificate If your computer is not part of a domain, there is no default recovery agent and you should create one. To create a data recovery agent, you must first create a data recovery certificate and then designate a user to be the data recovery agent. To generate a recovery agent certificate: 1. Log on as Administrator. 2. Open a command prompt, and type cipher /r: filename where filename is the name of the recovery agent certificate. 3. When prompted, type a password that will be used to protect the recovery agent certificate. When you create the recovery agent certificate, it creates both a .pfx file and a .cer file with the file name that you specify. You can designate any user account as a data recovery agent, but do not designate the account that encrypts the files as a recovery agent. Doing so provides little or no protection of the files. If the current user profile is damaged or deleted, you will lose all the keys that allow decryption of the files.
Recovery agent certificates
16
Designating an EFS recovery agent
To designate an EFS recovery agent: 1. Log on to the account that you want to designate as a data recovery agent. 2. Click Start, then click Run, type certmgr.msc and then click OK. 3. In Certificates, under Certificates - Current User, expand Personal, and then click Certificates. 4. On the Action menu, click All Tasks, then click Import to launch the Certificate Import Wizard, and then click Next. 5. On the File To Import page, enter the path and file name of the encryption certificate (a .pfx file) that you exported, and then click Next. If you click Browse, in the Files of type box you must select Personal Information Exchange to see .pfx files, and then click Next. 6. Enter the password for this certificate, select Mark This Key As Exportable, and then click Next. 7. Select Automatically select the certificate store based on the type of certificate, click Next, and then click Finish. 8. Click Start, then click Run, type secpol.msc and then click OK. 9. In Local Security Settings, under Security Settings, expand Public Key Policies, and then click Encrypting File System. 10. On the Action menu, click Add Data Recovery Agent, and then click Next. 11. On the Select Recovery Agents page, click Browse Folders, and then navigate to the folder that contains the .cer file that you created. 12. Select the file, and then click Open. The Select Recovery Agents page now shows the new agent as USER_UNKNOWN. This is normal, because the name is not stored in the file. 13. Click Next, and then click Finish. The current user is now the recovery agent for all encrypted files on this computer.
EFS data loss risks
All encrypted files and folders will be inaccessible if you reinstall the operating system. For this reason, make a copy of your personal encryption certificate and, if possible, the recovery agent certificate on a disk. Store the disk in a safe place. For more information about EFS best practices, see article 223316 in the Microsoft Knowledge Base.
Additional reading
17
How to Troubleshoot File and Folder Management Issues
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Although there are many issues that may occur when managing files and folders, most issues occur when users try to access and configure files and folders that are corrupt or have been encrypted. When troubleshooting management of files and folders, you can begin to develop a general idea of the problem and possible solutions by asking your customer the following questions:
! ! ! ! ! !
Troubleshooting questions
What were you trying to do when the error occurred? Whose resources are you working with? Where are these resources located? When were the resources created? How were the resources created? How are you accessing the resources?
Troubleshooting compression issues
Compression issues are usually related to disk space issues, moving files, and conflicts with open files. To troubleshoot compression issues, remember the following:
! !
Encrypted resources cannot be compressed. Open files that are currently being accessed by applications or the operating system cannot be compressed. Compressed resources, when uncompressed, may exceed the available space on the storage volume. This problem can also occur when a compressed resource is moved to another volume. To resolve this issue, the amount of empty drive space must be increased or portions of the compressed data must be moved separately.
18

!
Performance issues may be related to disk compression. High-performance areas of a volume, such as system folders, databases, and video game directories, should not be compressed. If the user has compressed the entire volume, recommend that she undo the compression and recompress files and folders on a case-by-case basis. You can enable color coding of compressed and encrypted files for easy identification.
Troubleshooting EFS issues
EFS issues are generally caused by conflicts with domain policies, lost certificates, or operating system reinstallations. To troubleshoot EFS issues, remember the following:
! !
NTFS compressed resources cannot be encrypted. Only the user who encrypted the resource or a user account equipped with a recovery agent certificate at the time the resource was encrypted can access the resource. If a copy of one of the certificates can be obtained and copied to the computer, access can be reestablished; otherwise, the resource is lost. EFS can be disabled, preventing the encryption of new files and access to old files. Reenable EFS in the system registry. There may be domain policies preventing the implementation of auditing on a local computer.
Troubleshooting corruption issues
To verify that files are not corrupt:

! ! !
Run Chkdsk on the volume to verify its integrity. Try to copy or move the affected resources to another location or volume. Attempt to access the resource with an application, such as Microsoft Windows Notepad. Check for viruses with a third-party virus scanner. If you feel that the issue is one of data loss caused by the operating system or other product, escalate the issue.
! !
Troubleshooting auditing issues
If you have set up auditing to help users find issues with their files and folder, and no data is appearing in the event log, it is generally the result of auditing configuration errors. To troubleshoot auditing issues, remember the following:
!
For auditing to work properly, it must be enabled correctly in Policy Editor. In most cases in which audit events are not being displayed inside Event Viewer, incorrect Policy Editor settings are the cause. Ensure that the security logs filter settings in Event Viewer are properly configured. The volume being audited must be NTFS. There may be domain policies preventing the implementation of auditing on a local computer.
! !
Additional reading
For more information about troubleshooting file and folder issues, see articles 228002, 251186, and 314958 in the Microsoft Knowledge Base.
19
Practice: Configuring Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice In this practice, you will compress a file by using NTFS compression, and you will secure a folder and its contents by using EFS.
! Compress a file
1. Log on to the domain as ComputerNameAdmin with the password P@ssw0rd. 2. Click Start, and then click Run. 3. In the Open box, type c:\program files\microsoft learning\2261\ practices\mod04 and then click OK. 4. In the Mod04 window, right-click Compression, and then click Properties. 5. In the Compression Properties dialog box, on the General tab, click Advanced. 6. In the Advanced Attributes dialog box, select Compress contents to save disk space and then click OK. 7. In the Compression Properties dialog box, click OK.
! Secure a file
1. In the Mod04 window, right-click the Encryption folder, and then click Properties. 2. On the General tab, click Advanced. 3. In the Advanced Attributes dialog box, select Encrypt contents to secure data, and then click OK. 4. In the Encryption Properties dialog box, click OK.
20
5. In the Confirm Attribute Changes dialog box, select Apply changes to this folder, subfolders and files, and then click OK. 6. In the Mod04 window, double-click the Encryption folder to open it. Note Encryption.doc is green to indicate that it is an encrypted file. 7. Log off.
! Test the encrypted folder

1. Log on as ComptuerNameUser with a password of P@ssw0rd. 2. Click Start, and then click Run. 3. In the Open box, type c:\program files\microsoft learning\2261\ practices\mod04\encryption and then click OK. 4. In the Encryption window, double-click the Encryption file. 5. In the WordPad warning message, click OK. The encrypted file did not open because it was encrypted by another user. 6. Close all windows and log off.
21
Lesson: Troubleshooting Access to Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You receive a call from a customer who says, I have two NTFS partitions on my hard drive; C has the operating system and D has my data. I had Windows 2000 on C, but I removed it and did a clean install of Windows XP Professional. The problem is that now I cannot access some files on the D partition. I created the same administrator account that I used before, but I still cannot access the files. Is there any way to regain access to the files? How would you respond? Lesson objectives After completing this lesson, you will be able to:
! ! !
Explain NTFS file and folder permissions Verify NTFS file and folder permissions Determine effective permissions
22
NTFS File and Folder Permissions
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction One of the primary benefits of the NTFS file system is the ability to control access to specific files and folders through the use of permissions. A permission is a characteristic that is assigned to a folder or file resource that designates who may access that resource and describes which tasks that user might perform. NTFS permissions provide security for both local and network access to the file system. NTFS permissions differ from shared folder permissions in that shared folder permissions are applied only to folders and only secure network access to the file system. The specific NTFS permission settings that are available depend on whether the resource is a file or a folder. NTFS permission information is independent of the operating system. If the operating system is reinstalled, NTFS permissions that are assigned to volume resources are not affected. File permissions The following table describes available NTFS file permissions.
Permission Read Write Read and Execute Modify Full Control Enables the user to Open the file and view its permissions, attributes, and ownership. Modify the file and its attributes, and view its permissions, attributes, and ownership. Delete the file and do everything Read permission allows. Delete the file and do everything Read and Execute and Write permissions allow. Take ownership, modify permissions, and do everything Modify permission allows.
NTFS permissions
23
Folder permissions
The following table describes available NTFS folder permissions.

Permission Read Write Enables the user to View contents of folder and view its permissions, attributes, and ownership. Create new files and folders in the folder, modify its attributes, and view its permissions, attributes, and ownership. View subfolders within the folder and do everything Read and List Folder Contents permissions allow. Delete the folder and do everything Read and Execute and Write permissions allow. Take ownership, modify permissions, and do everything Modify permission allows.
Read and Execute Modify Full Control
Note Windows XP Home Edition allows very limited access to permissions settings. Ownership of files and folders The user account that creates a file or folder is the owner of that file or folder. By default, that account has complete control over the resource, including the rights to assign permissions to the resource. To apply permissions to an NTFS file or folder, the user account must be the owner of the resource, have full control of the resource, or be a member of the local Administrators group. Any user account that is granted the Take ownership of files and other objects right might assume ownership of a volume resource and then change the permissions on the resource. Note To learn more about the differences between permission states and to test your knowledge, see the activity Permission States. To start the activity, open the Web page on the Student Materials compact disc, click Multimedia, and then click the title of the activity. Do not start this activity unless you are instructed to do so by the instructor.
24
How to Verify NTFS File and Folder Permissions
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction When your customers call with a file or folder access issue, recommend that they view the NTFS permissions on the file or folder to determine if the problem is caused by insufficient permissions. To view, set, change, or remove file and folder permissions in a domain environment: 1. Click Start, click My Computer, and then locate the file or folder for which you want to set permissions. 2. Right-click the file or folder, click Properties, and then click the Security tab. If the Security tab is not available, the file or folder is either not on an NTFS volume or simple file sharing is enabled. 3. Select a group or user from the Group or user names box. To set permissions for a group or user that does not appear in the Group or user names box, click Add, type the name of the group or user for whom you want to set permissions, and then click OK. 4. To allow or deny a permission, select either the Allow or Deny check box in the Permissions for user_or_group box (where user_or_group is the name of the currently selected user or group). 5. To remove all permissions for a user or group, select the group or user from the Group or user names box, and then click Remove.
Verifying and modifying permissions
25
Simple file sharing
By default, computers running Windows XP Professional that are not in a domain and computers running Windows XP Home Edition, use full NTFS permissions for controlling other users access to local files and folders that have been shared on the network. Instead, they use a simplified method for controlling access to shared resources called simple file sharing. Simple file sharing provides fewer, simpler options for sharing files and folders that make it easy to set up common security arrangements. When simple file sharing is enabled, in the Properties dialog box, the Security tab is hidden to prevent users from changing NTFS permissions directly. To disable simple file sharing: 1. In Control Panel, click Appearance and Themes, and then click Folder Options. 2. On the View tab, in the Advanced settings box, deselect the Use simple file sharing [Recommended] check box. Note In Windows XP Home Edition, you must start the computer in safe mode and log on as Administrator or an administrative user to access permissions settings.
Key points
The following list describes key points to remember when troubleshooting permission issues:
! ! !
The Everyone group does not include the Anonymous Logon permission. You can set permissions only on drives that are formatted to use NTFS. To change permissions, you must be the owner or have been granted permissions by the owner. Groups or users who are granted Full Control for a folder can delete files and subfolders in that folder, regardless of the permissions that protect the files and subfolders in the folder. If the check boxes in the Permissions for user or group box are unavailable or if the Remove button is unavailable, the file or folder has inherited permissions from the parent folder. For more information about how inheritance affects files and folders, see Windows Help. When you add a new user or group, by default the user or group has Read and Execute, List Folder Contents, and Read permissions.
Additional reading
For more information on working with NTFS folders and permissions, see article 30841 in the Microsoft Knowledge Base.
26
How to Determine Effective Permissions
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Determining which permissions users have may be confusing, because multiple permissions can be assigned to users and groups for the same files and folders. Effective permissions are the combined permissions for a user who is accessing files and folders through a shared folder or disk. For example, a user has the Read and Execute permission on a folder. The user is also a member of a group that has been assigned the Write permission for that folder. Therefore, the users effective permissions for that folder are Read, Execute, and Write. Determining effective permissions To troubleshoot issues, you might need to determine the effective permissions that are applied to a resource. To determine effective permissions on files and folders in Windows XP: 1. In Windows Explorer, locate the file or folder on which you want to view effective permissions. 2. Right-click the file or folder, click Properties, and then click the Security tab. 3. Click Advanced, and then click the Effective Permissions tab. 4. Click Select. 5. In the Enter the object name to select box, type the name of a user or group, and then click OK. The check boxes that are selected indicate the effective permissions of the user or group for that file or folder. Note The Effective Permissions tab is not available in Windows 2000 Professional.
27
Rules of inheritance
NTFS permissions follow rules of inheritance. When you apply specific permissions to one folder, these permissions automatically apply to all the files and folders that are stored in that folder. Any new files and subfolders that you create in this folder will inherit these permissions. Tip If you do not want the files and folders to inherit permissions, in the Advanced Security Settings dialog box, clear the Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here check box.
Restricting permission inheritance
To prevent specific files or subfolders from inheriting permissions: 1. Right-click the file or subfolder. 2. Click Properties, click the Security tab, and then click Advanced. 3. Clear the Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here check box.
Changing permission inheritance
If the check boxes in the Advanced Security Settings dialog box are not available, the file or folder has inherited permissions from the parent folder. There are three ways to make changes to inherited permissions: 1. Make the changes to the parent folder so that the file or folder inherits the permissions. 2. Select the opposite permission (Allow or Deny) to override the inherited permission. 3. Clear the Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here check box. When you clear this check box, you can make changes to the permissions or remove the user or group from the permissions list. However, the file or folder does not inherit permissions from the parent folder.
Using Allow and Deny permissions
In most cases, the Deny permission overrides the Allow permission unless a folder inherits conflicting settings from different parent folders. When this occurs, precedence is given to the setting that is inherited from the parent closest to the object in the subtree. When you use the Deny and Allow settings, note the following:
!
Allow permissions are cumulative, so a users permissions are determined by the cumulative effect of all of the groups to which the user belongs. Deny permissions override Allow permissions. Use caution when you apply Deny permissions.
When you grant permissions on the parent object, you can decide whether folders or subfolders can inherit them with the Apply onto setting.
28
How to Troubleshoot Access to Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Many issues involving file and folder access and permissions occur when users move or copy files or folders from one location to another because the permissions on the files or folders may change during the move. The following table shows the actions and consequences of moving or copying files or folders.
Consequences of moving and copying files and folders

Action
Consequence The new copy of the file or folder inherits the permissions of the destination folder, and the original object retains its permissions. This is true regardless of whether the destination is on the same NTFS drive as the original file or on a separate NTFS drive. The user account that created the copy becomes the Creator Owner of the new file or folder, which means that this user account can change the permissions of the copy. The moved folder or file retains its original permissions and the account that moved the file or folder becomes the Creator Owner. The moved folder or file inherits the permissions of the destination folder and the account that moved the file or folder becomes the Creator Owner. The newly created folder or file inherits the permissions of the destination folder and the account that copied the file or folder becomes the Creator Owner. The moved or copied folder or file in the new destination loses all permission settings, because the FAT32 file system is incapable of storing these details.
Copying a file or folder to an NTFS drive
Moving a file or folder within a single NTFS drive Moving a file or folder from one NTFS volume to another Copying or moving a file or folder from a FAT32 drive to an NTFS drive Copying or moving a file or folder from an NTFS drive to a FAT32 drive
29
Troubleshooting file and folder access
When troubleshooting file and folder access, you may encounter certain issues more frequently than others. Some of these common issues and their solutions, are:
!
A user or group cannot access a file or folder: Verify the permissions that are granted to the user or group. Permissions may not be granted for the selected resource, or permission could be denied. Remember that the permissions could have been changed if the file or folder was copied or moved. Review inherited permissions. Look in the Advanced Security Settings dialog box, and pay particular attention to the Inherited From column in the Permission Entries list. The data here will often show you the exact source of an unexpected permissions problem. See if the file or folder was encrypted with EFS by another user. Remember that by default, Windows XP displays the names of encrypted files in green and that in Windows 2000 Professional encrypted files use normal black text by default.
The Administrator grants permissions to a group for a selected file or folder, but a user in that group still cannot access the file or folder: Ask the user to log off and then log back on. When the user logs back on, his NTFS permissions are updated to include the new group to which he was added. Another way to update a users permissions is to ask the user to disconnect the network drive on which the file or folder resides and then reconnect it. This forces the permissions to update on the reconnect of the network drive.
A user with Full Control to a folder accidentally deletes files in the folder, and you want to prevent the user from doing it again: In the Properties window of the folder, on the Security tab, click Advanced to view the Permission Entry box for that folder. Select the user from the list of entries, and then click Edit. Clear the Delete Subfolders and Files check box.
A user is logged on as Administrator and must access a file or folder that was created by another user, but she is denied access. If the files have not been encrypted by the other user, you can assist the user to take ownership of the files to gain access. For more information on this issue, see article 308421 in the Microsoft Knowledge Base.
Changing file and folder permissions
You may encounter some of the following issues when you attempt to change file or folder permissions:
!
You made changes to the permissions of a file or folder, but the check marks do not appear. If you apply permissions to anything other than the default locationThis Folder, Subfolder, And FilesWindows adds a check mark in the Special Permissions box. To see this box, you must scroll to the bottom of the Permissions list. Permission settings are unavailable. Check your user account rights. You must be logged on as a member of the Administrators group or be the owner of an object to set its permissions. Permission settings will also be unavailable if the selected object inherits its permissions from a parent folder.
30
Practice: Troubleshooting File and Folder Access
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will identify files that are encrypted with EFS and files that are assigned NTFS permissions, and then you will determine the effective NTFS permissions that are applied to a file.
Practice
! Identify files that are encrypted with EFS and files that are assigned
NTFS permissions 1. Log on to the domain as ComputerNameUser, where ComputerName is your assigned computer name, with the password P@ssw0rd. 2. Click Start, and then click Run. 3. In the Open box, type c:\program files\microsoft learning\2261\ practices\mod04, and then click OK. 4. In the Mod04 window, double-click AccessDenied1. Why did you not have access to the file, because of encryption or NTFS? ____________________________________________________________ Encryption 5. In the WordPad warning window, click OK. 6. From the Mod04 window, double-click AccessDenied2. Why did you not have access to the file, because of encryption or NTFS? ____________________________________________________________ NTFS
31
7. In the WordPad warning window, click OK. Class Discussion How did you come up with your answers? ____________________________________________________________ Answers may vary. 8. Close all windows and log off.
! Determine the effective permissions applied to a file

1. Log on to the domain as ComputerNameAdmin with the password P@ssw0rd. 2. Click Start, and then click Run. 3. In the Open box, type c:\program files\microsoft learning\2261\ practices\mod04 and then click OK. 4. In the Mod04 window, right-click AccessDenied2, and then click Properties. 5. In the AccessDenied2 Properties dialog box, click the Security tab, and then click Advanced. 6. In the Advanced Security Settings for AccessDenied2 dialog box, click the Effective Permissions tab. 7. Click Select. 8. In the Select User, Computer, or Group dialog box, in the Enter the object name to select box, type ComputerNameadmin where ComputerName is your assigned computer name, and then click OK. What are your effective permissions for the file AccessDenied2? ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ Travers Folder/Execute File, Read Attributes, Read Extended Attributes, Create Files/Write Data, Create Folders/Append Data, Write Extended Attributes, Delete, Read Permissions, Change Permissions, Take Ownership. 9. In the Advanced Security Settings for AccessDenied2 dialog box, click Select.
32
10. In the Select User, Computer, or Group dialog box, in the Enter the object name to select box, type ComputerNameUser and then click OK. What are your effective permissions for the file AccessDenied2? ____________________________________________________________ None. 11. Click OK. 12. In the AccessDenied2 Properties dialog box, click OK. 13. Close all windows and log off.
33
Lesson: Troubleshooting Access to Shared Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You receive a call from a customer who says, I have a computer running Windows XP Professional. I created a shared folder and then granted the Modify permission to the domain group that must work with this folder, but the group is only able to get Read access. I then granted them the Full Control permission, but they are still only able to read. This always worked on my Windows 2000 computer. What is happening? How would you respond? Lesson objectives After completing this lesson, you will be able to:
! ! ! ! ! ! !
Explain file and folder sharing Share files and folders Determine effective permissions Explain what a network drive is Map a network drive Explain shadow copy Restore from a shadow copy
34
What Are File and Folder Sharing?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction One benefit of a networked environment is the ability to access files and folders that are on other computers. In Windows XP and Windows 2000 Professional, a resource must be shared before it can be accessed on the network. After the resource has been shared, users can access the resource from their own computers. Only drive and folder resources can be shared. When a resource is shared, sharing not only makes the resource available on the network, but sharing grants share permissions that define who can and cannot have access to the resource over the network. Share permissions are distinctly different from NTFS file permissions, which define the level and type of control that is granted to user accounts. To access a shared drive or folder across a network, a user account must have both the share permissions and the NTFS permissions. Shared files in Windows XP and Windows 2000 Windows XP provides two methods of sharing resources on the network, simple file sharing and classic sharing. Windows 2000 Professional supports only classic sharing.
!
Share permissions
Simple file sharing. Enables you to share a resource on the network by selecting a single check box. Through the Guest account, Windows XP automatically makes the resource available to everyone and sets the appropriate share and NTFS permissions on the object. Classic sharing. Enables you to grant the share permissions based on the user or group. This provides a high degree of control over who has access to the resource.
Note Simple file sharing is enabled by default in Windows XP Home Edition. It is not available to any computer running Windows XP in a domain.
35
Automatic search
By default, Windows XP automatically searches the local network for available, shared resources and lists those resources in Windows Explorer. Automatic search enables users to easily locate network resources on their local computers. To control the shared drives and folders that users are able to view, disable the automatic search feature. For more information on disabling the automatic search feature, see article 320138 in the Microsoft Knowledge Base. Note Automatic search is automatically disabled when the computer joins a domain.
Accessing shared folders and drives
Users can locate a shared drive or folder from their My Network Places network browser. On most networks, users can also access the shared resource by typing the share name into their command line directly, preceded by two backslashes. For example, a user can access the shared folder named MyShare on another computer at the command line by entering \\MyShare and pressing ENTER.
36
How to Share Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Sharing folders and drive resources allows users to exchange information and to access the same central resources. Individual files cannot be shared directly; instead, you must share the folder that contains the files you want to share. Note To share resources in Windows XP and Windows 2000 Professional, you must be logged on as a member of the Administrators, Power Users, or Server Operators group. You also must have the File and Printer Sharing for Microsoft Networks network service installed on your local network connection. Sharing a folder or drive To share a folder or drive: 1. In Windows Explorer, right-click the folder or drive that you want to share, and then select Sharing And Security. In Windows 2000 Professional, right-click the folder or drive that you want to share, and then select Sharing. 2. Select the Share This Folder option, accept or change the proposed share name, and then click Apply. 3. If you want to share this same folder or drive multiple times under different names, click the New Share button, and then type a different share name. Creating multiple shares for the same resource allows you to grant different share permissions. 4. When finished creating shares for the folder or drive, click OK.
37
Share names
The share name is the name that other users will see and use to access the resource from their computers. A share name can be hidden by appending a dollar sign character ($) to the end of the share name. This allows you to share resources and tell particular users about those resources, but still hide those resources from general viewing on the network. Each local storage volume also has a default administrative share whose share name consists of the drive letter and a dollar sign, for example, C$. This share name is not visible to others, and you cannot set permissions for the default share. The purpose of this share is to provide a network administrator with full access to the resources on each volume at any time. For security reasons, Windows XP Home Edition does not create these shares.
Number of shared connections
By default, Windows XP and Windows 2000 Professional limit the number of concurrent user connections to any one shared resource to 10. Permitting more than 10 users to access data on one resource at the same time affects network speed and performance. If you must provide access to more than 10 concurrent users to your shared resources, you must use a computer running Windows 2000 Server or Windows Server 2003.
38
How to Determine Effective Permissions
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Key Points When a folder is shared on the network, each user or group that attempts to connect to the share is subject to the permissions that are granted to that share. These permissions are applied in addition to any local NTFS permissions that are applied to the folder and file contents of that share. To determine the effective permissions that a user or group has when accessing a shared folder over the network you must combine the share permissions with the NTFS permissions. When combining permissions, the more restrictive permission always takes precedence. For example, if the share permission is Everyone = Read and the NTFS permission allows users to make changes to a shared file, the share permission applies, and the user is allowed only to read and cannot change the file.
Combining permissions
39
Determining effective share permissions
To determine the effective share permissions for a user or group on a shared resource, you must have access to the local computer where the share resides to gather this information. To determine effective permissions: 1. Determine the maximum local NTFS permissions that are assigned to the share for the user or group desired. 2. Determine the maximum shared permissions that are assigned to the share for the user or group. To determine the maximum permissions a user has for a shared folder: a. Open the Properties dialog box for the shared folder. b. Find the maximum permissions the user has to the share by determining which groups the user belongs to. 3. Determine the total effective permissions for the share: a. Compare the maximum NTFS permissions with the maximum shared folder permissions. b. The most restrictive permission for the user between the maximum NTFS and shared folder permissions is the effective permissions.
40
How to Map a Network Drive
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Some users must access the same shared drives and folders frequently. Although the shared drive or folder can be easily accessed by browsing for it in My Network Places, this task may become unnecessarily repetitive for connecting to common shares. To simplify the process of browsing for shared folders and drives, you can make a semipermanent connection to a shared resource by mapping it in Windows Explorer. This mapped resource is referred to as a mapped drive or network drive. After you map a resource, you can access it as you would a local volume. To map a network drive: 1. In Windows Explorer, click Tools, and then click Map Network Drive. 2. Choose an available drive letter to assign to the share, and in the Folder box, enter the path to the shared folder. 3. Specify any required credentials that are necessary to gain access to the shared folder. Limitations of network drives Although a mapped network drive appears in Windows Explorer the same way as any other local storage volume, it is subject to a few restrictions:
!
Definition
Mapping a network drive
You may be restricted by the share permissions and NTFS permissions that are applied to the share by its owner. You cannot access the network drive if the computer on which the share resides is not present on the network. This may cause extended delays when starting your local computer as it attempts to reconnect to the shared resources that are not currently present on the network. Because the data stored in the share is located across the network, opening shared files and saving changes to those files may be considerably slower than if the files were located on your local computer.
41
What Is a Shadow Copy?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Shadow copy is a new technology that is included in Windows Server 2003 that provides the history of documents that are located on the server and enables users to roll back changes made to these files or to restore the files if they are accidentally deleted. For Windows XP and Windows 2000 Professional client computers to use shadow copy in Windows Server 2003, the shadow copy client software must be installed on each client computer. Advantages of shadow copy The shadow copy feature provides point-in-time copies of files on network shares. With shadow copies of shared folders, you can view the contents of network folders as they existed at certain points in time. The following scenarios illustrate the advantages of using shadow copy:
!
You want to recover files that were accidentally deleted. This is the network equivalent of the Recycle Bin. If you accidentally delete a file, you can open an old version of the file, and then copy it to a safe location. Shadow copies of shared folders can recover files that are deleted by any mechanism, as long as the required history folder exists. You want to recover a file after you accidentally overwrite it. Shadow copies of shared folders can be very useful when you create new files by opening an existing file, making modifications, and then saving the file with a new name. For example, you might open a financial modeling spreadsheet, make modifications based upon new scenario assumptions, and then save the spreadsheet with a new name to create a new spreadsheet. The problem arises when you forget to use a new file name in saving the file, so that the original work is erased. You can use a shadow copy of the shared folder to recover the previous version of the file.
42

!
You want to check different versions of the same file while you are working on the file. You may use shadow copies of shared folders during the normal work cycle when you want to determine what has changed between two versions of the same file. For example, you might want to see what your original text looked like before you spent time editing the file.
Installing shadow copy
To use shadow copy in Windows XP and Windows 2000 Professional, you must install the shadow copy client. To download and install the shadow copy client for Windows XP and Windows 2000 Professional, see http://www.microsoft.com/downloads/details.aspx?FamilyID=e382358f-33c3 -4de7-acd8-a33ac92d295e&DisplayLang=en. For a complete description of shadow copy in Windows Server 2003, see article 304606 in the Microsoft Knowledge Base.
Additional reading
43
How to Restore from a Shadow Copy
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction The shadow copy client software package installs a Previous Versions tab in the Properties dialog box of files and folders that are located on shared network folders and drives. After you install the shadow copy client, you can access shadow copies within Windows Explorer by right-clicking on the shared resource and selecting one of three optionsView, Copy, or Restore. You can recover files and folders that were deleted, overwritten, corrupted, and so on. To recover a deleted file: 1. Navigate to the folder in which the deleted file was stored. 2. Position the cursor over a blank space in the folder, right-click, and then click Properties. If the cursor hovers over a file, that file will be selected. 3. On the Previous Versions tab, select the version of the folder that contains the file before it was deleted, and then click View. 4. View the folder and select the file that you want to recover. 5. Drag and drop, or cut and paste, the shadow copy to the desktop or folder. Recovering an overwritten or corrupted file To recover an overwritten or corrupt file: 1. Right-click the overwritten or corrupt file and then click Properties. 2. On the Previous Versions tab, click View to view the old version; click Copy to copy the old version to another location, or click Restore to replace the current version with the older version.
Using shadow copy services
Recovering a deleted file
44
Recovering a folder
To recover a folder: 1. Position the cursor so that it is over a blank space in the folder that will be recovered, right-click, and then click Properties. If the cursor hovers over a file, that file will be selected. 2. On the Previous Versions tab, select Copy or Restore. Selecting Copy allows the user to copy the previous version to another location. Selecting Restore enables the user to recover everything in that folder and all subfolders. Selecting Restore will not delete any files.
45
How to Troubleshoot Access to Shared Files and Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction As a DST, you may receive calls from customers who are having difficulties sharing, locating, or gaining access to shared resources. The first step in troubleshooting these issues is to determine whether the issue is a sharing or connectivity issue and then to identify the users effective NTFS permissions. To immediately rule out connectivity as the issue, perform connectivity diagnostics, such as verifying whether the users computer can access the Internet and whether the user receives responses from other network computers using the ping command-line utility. Troubleshooting access to shared files and folders When troubleshooting access to shared files and folders, you may encounter certain issues more frequently than others. Some of these common issues, and their solutions, are:
!
The user does not have a Sharing tab when he accesses a drives or folders properties. The user must be a member of the local Administrators, Power Users, or Server Operators group and the File and Printer Sharing for Microsoft Networks network service must be installed on the local network connection. Ensure that the user belongs to one of the local groups specified and has the file-sharing service installed. The user is unable to specify who can access a shared resource because simple file sharing is enabled. Disable simple file sharing. The user shared a resource, but others cannot see the resource in My Network Places on their computers. Verify that the Server service is enabled on the users computer using the Services console. To open the Services console, in the run as command, type services.msc. Locate the Server service in the list. The Server service is enabled by default, but if it is stopped, start the service by clicking it, and then clicking the Start Service button on the toolbar.
46

!
The user has set up a shared resource and granted everyone the Full Control permission, but other users are not able to access the shared resource. This is most likely an NTFS permissions issue. Determine the NTFS permissions and ensure that there are no restrictions in these permissions that are overriding the permissions on the shared resource. Ensure that the Microsoft Windows XP Internet Connection Firewall is not enabled. If the firewall is enabled, disable it for local network connections. The user is unable to map to a network resource. Ensure that the path specified to the resource is correct and that the user has the appropriate credentials to access the shared resource. A remote user has accidentally deleted a file on a shared resource. Shared resources do not have a recycle bin, so deleted files cannot be restored. However, if the remote user has not done anything on her computer since accidentally deleting the file, the remote user can attempt to undo the file delete by pressing CTRL+Z. If the remote shared resource resides on a computer running Windows Server 2003, find out whether shadow copy is enabled. If so, the user can either contact an administrator to restore the file, or the user can download and install the shadow copy client and restore the file. The only remaining alternative is to see whether the administrator performs routine backups of shared resources and obtain the last backed-up copy.
Troubleshooting access to remote shares
When troubleshooting access to remote shared resources, you might encounter certain issues more frequently than others. Some of these common issues and their solutions, are:
!
A mapped network drive is no longer available. The most likely cause is that the shared resource is no longer available. Attempt to access the shared resource directly from the command line. You might need to delete the old mapping and create a new one. If the user belongs to a domain and is dialing in remotely, creating a new mapping to any shared resource will restore all network drives (delete the new mapping after performing this task). In a workgroup, the user is being prompted to provide credentials to a shared resource. In workgroup scenarios in which local computer security is the rule, this is normal behavior. An account must be provided for the user on the remote computer to access the resource or the user must contact the shared resource owner to obtain the appropriate credentials. In a domain, the user is being prompted to provide credentials to access a network shared folder or drive. The shared resource does not provide permissions to the users domain account for accessing the shared resource, so the remote computer is prompting for credentials. The domain user account must be added to the shared resources permissions or the user must obtain the appropriate credentials from the shared resource owner to connect. A user is attempting to access a shared folder or drive from a home computer and cannot find it. This is because shared resources are not available across the Internet. The user must be able to connect to the remote network with a secure connection and then browse and connect to remote resources.
47
Practice: Troubleshooting File and Folder Sharing
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will determine the effective NTFS permissions that are applied to a file and use shadow copy to recover a previous version of a document. The graphic on this page illustrates two shared folders that contain folders or files that have been assigned NTFS permissions. In the graphics, FC stands for Full Control and R stands for Read. Look at each example and determine a users effective permissions. 1. In the first example, the Users folder has been shared, and the Users group has the shared folder permission Full Control. User1, User2, and User3 have been granted the NTFS permission Full Control to only their folder. These users are all members of the Users group. Do members of the Users group have Full Control to all home folders in the Users folder once they connect to the Users shared folder? ____________________________________________________________ ____________________________________________________________ No, because the NTFS permission Full Control has been granted to only the individual user for his or her home folder. Therefore, only the individual user has Full Control permission for his or her home folder.
Class discussion
48
2. In the second example, the Data folder has been shared. The Sales group has been granted the shared folder permission Read for the Data shared folder and the NTFS permission Full Control for the Sales folder. What are the Sales groups effective permissions when they access the Sales folder by connecting to the Data shared folder? ____________________________________________________________ ____________________________________________________________ Read, because when shared folder permissions are combined with NTFS permissions, the most restrictive permission applies. Warning Wait for the instructor to tell you when to start. The instructor must enable folder redirection of My Documents before you begin.
! Use shadow copy to recover a previous version of a document

1. Log on to the domain as ComputerNameUser using the password P@ssw0rd. 2. Click Start, and then click Run. 3. In the Run dialog box, type gpupdate /force and then click OK. 4. In the command prompt window, type y and then press ENTER. You will be automatically logged off. 5. Log on to the domain as ComputerNameUser with the password P@ssw0rd. Warning Wait for the instructor to tell you when to continue. The instructor is creating a shadow copy. 6. Click Start, and then click My Documents. 7. In My Documents, double-click Recover. 8. In WordPad, delete Sentence 1, and then close WordPad. 9. In the WordPad warning box, click Yes. 10. In the My Documents window, right-click Recover, and click Properties. 11. On the Previous Versions tab, click Restore. 12. In the Previous Versions dialog box, click Yes, and then click OK. 13. In the Recover Properties dialog box, click OK to close. 14. In the My Documents window, double-click Recover. Notice that the document has been restored to the previous version before you deleted Sentence 1 and saved the changes. 15. Close all windows and log off. Note The instructor will disable folder redirection of the My Documents folder.
49
Lesson: Troubleshooting Access to Offline Files
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You receive a call from a customer who says, Im working at home on my laptop. I can see my files in the My Documents folder but I cannot find them on the hard drive when I browse in Windows Explorer. What is happening? How would you respond? Lesson objectives After completing this lesson, you will be able to:
! ! ! ! ! !
Explain offline files and file settings Configure offline file settings Synchronize offline files Explain file caching Explain cache settings for shared folders Describe the folder redirection process
50
What Are Offline File Settings?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Offline files in Windows XP Professional and Windows 2000 Professional enable you to download and use shared files on your local computer when you are not connected to the network. Offline files implement autosynchronization, a feature that compares original files on the network to files on your local computer and attempts to resolve the differences between these files. Note To take advantage of offline files, fast user switching must be disabled on the computer. What are offline files? When you designate a shared file for offline use, your local computer downloads and caches a local copy of the file. You can then continue to work on this file, even if you are not connected to the network. When you connect to the network again, the operating system automatically compares any changes that you made to the offline file with the original copy and attempts to resolve any differences. This means that you do not need to manually update copies of offline files every time you reconnect to the networkthe operating system does this for you. Offline files are primarily used by people who work on portable computers and require sporadic access to network files. Where are offline files stored? When a user implements offline files, Windows 2000 Professional and Windows XP Professional create a new hidden, system folder named CSC within the operating system directory to cache files that have been made available offline on the local computer. The CSC folder is transparent to the user of offline files. The user continues to access these shared resources as if they were still on the network, from within Windows Explorer or My Network Places.
51
Network resources that are designated for offline use are marked with an offline folder icon. When working offline, even though the user is accessing local cached copies of the network shared files, the files and folders still appear to be in the same locations in My Network Places or My Computer where they are accessed when not offline. Encrypting offline files In Windows XP Professional and Windows 2000 Professional, you can encrypt offline files to secure private information or data. When you encrypt offline files, only your user account is able to access the cached data. Note For detailed instructions on how to encrypt offline files, see article 312221 in the Microsoft Knowledge Base.
52
How to Configure Offline File Settings
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Configuring offline files Before you can take advantage of the offline files feature, you must enable it. To configure offline files: 1. Click Start, and then click My Computer. 2. On the Tools menu, click Folder Options. 3. Click the Offline Files tab. 4. Select the Enable Offline Files check box, and then click OK. Making shared files available offline After you enable offline files, you can specify which files you want to make available when you are not connected to the network. To make shared network files or folders available when you are offline: 1. Right-click the file or folder, and then click Make Available Offline. 2. In the Offline Files Wizard, click Next. 3. Select the Automatically synchronize the Offline Files when I log on and log off my computer check box, and then click Next. 4. If you want to create a shortcut to the files on your desktop, select the Create a shortcut to the Offline Files folder on my desktop check box. 5. Click Finish. The files will be copied to your computer.
53
Adjusting offline file settings
To adjust offline file settings: In Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. Use the Offline Files tab to change any or all of the following settings:
! !
When the computer will synchronize offline files. Whether to enable reminders, which will cause a notification balloon to appear over the system tray when a computer goes offline. If you select this option, you can also specify, how often the reminder balloon is displayed after the computer goes offline. Whether to create a shortcut icon for the offline files folder on the desktop. Whether to encrypt offline files as an extra security precaution for sensitive data. The amount of disk space that is allocated for storing offline files that are automatically cached because an administrator has specified that they be made available offline. This does not affect the files that the user has made available offline.
! !
The Offline Files tab also displays three buttons:

!
Delete Files. Allows you to remove selected offline files from the local computer. This does not delete the files from the network location. View Files. Allows you to view the contents of the offline files folder, which shows all files that have been made available offline, along with their type, synchronization information, availability, access, location, size in Knowledge Base when last modified, and the status of the server. Advanced. Allows you to specify what will happen if you are connected to the network and the connection is lost. For example, you can configure the operating system to notify you that you are offline and allow you to continue working with network resources offline.
Remote share settings
For Windows XP and Windows 2000 Professional to make network shares available offline, the computer that is sharing those files must have caching enabled in the properties of that share. When creating a new share, offline caching is enabled by default. Share owners can prevent a shares contents from being available for offline use by other computers. If you are unable to configure shared resources to be available offline, caching may have been disabled on the computer on which the share resides.
54
What Is Synchronization of Offline Files?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Synchronization is the process of ensuring that shared content and the offline copy of that content are the same. This process takes place when a computer containing offline content logs on or off the network. When a computer logs on to the network, synchronization occurs with the offline resource. When a computer logs off of the network, synchronization occurs with the shared resource. Note Users may have issues with synchronization if the shared resource changes while the computer containing the offline content is disconnected from the network. How synchronization works When synchronization takes place between a shared resource and its offline copy, the operating system compares the two copies and does the following, depending on the states of the two copies since the last synchronization:
!
If the content of the offline file has changed and the content of the shared copy has not changed, the operating system updates the shared copy with the offline copy. If the content of the offline file has not changed and the content of the shared copy has changed, the operating system updates the offline copy to reflect the changes. If both the shared copy and the offline copy have changed, the user can keep the offline version, the original shared version, or both. If either the offline copy or the shared copy of a file is deleted, the file on the other computer is deleted as well, as long as the offline copy wasnt changed since the last synchronization. If the shared copy has been deleted and the offline copy was changed, a dialog box is presented to the user with the offline copy. The user has the option of saving the offline file on the share on which it originated or deleting the offline copy.

!
55
If the offline copy has been deleted and the shared copy has been changed, the user can delete the shared copy or replace the offline copy with the shared copy. If a new file has been added on the share to a folder that the user has marked for offline availability, the new file is copied to the users cache of the computer on which the offline copy resides.
Synchronization settings
In addition to the default logoff and logon synchronization scheme, you can instruct the operating system to synchronize at other times. To customize synchronization settings, in Windows Explorer, on the Tools menu, select Synchronize. The Synchronization Manager provides a central location where you can view and synchronize all the shared files that you have made available offline. You may specify when the synchronization process occurs. For example:
! ! ! !
Every time you log on to your computer, every time you log off, or both. At specific intervals while your computer is idle. At scheduled times. Any combination of these options. These options can be specified for each offline resource.
Note If you attempt to synchronize offline files while you are still offline, or if you configure synchronization at specific intervals or times, the operating system will attempt to connect to the network using available dialup and virtual private network (VPN) connections.
56
What Is File Caching?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction File caching is a feature designed to help eliminate unnecessary network traffic when remote computers log on to a network shared resource. Caching creates a more localized, temporary copy of data to improve speed and reduce communications time. The concept is applied across a wide variety of computer-based technologies and is not limited in scope to file sharing. Offline files are one form of file caching used by computers running Windows XP and Windows 2000 Professional. Pinning Taking advantage of the advanced file-caching features of the operating system is often referred to as pinning files. When enabling caching of shared files, you enable remote computers to pin local, cached copies of your shared resources to the local computer. On a client computer, the total number of files that you can pin is determined by your cache size limits. By default, Windows 2000 Professional and Windows XP prevent the cache size of a computer from exceeding 10 percent of the size of the partition on which Windows is installed. To increase or decrease cache size: 1. Click Start, and then click My Computer. 2. On the Tools menu, click Folder Options, and then click the Offline Files tab. 3. Move the Amount of disk space to use for temporary offline files slider to the appropriate position. Note You cannot move or extend the cache to another partition. Warning When you reach the limit of your cache size, Windows begins to discard older files from the cache and replace them with newer files.
Default cache size
57
How to Define Cache Settings for Shared Folders
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction When a shared resource is made available on the network, you can control the cache settings for that shared resource. This allows you to determine how files inside each of your shares are accessed by remote users. The cache settings defined on the computer on which the shared resource resides dictate the caching behavior of the client computers that connect to the shared resource, not the computer on which the share resides. Defining cache settings To define cache settings for shared folders: 1. Right-click a shared folder, and then click Properties. 2. Click the Sharing tab, and then click Caching. 3. In the Caching Settings window, make the appropriate selection in the Settings drop-down list, and then click OK. This list contains the three available cache settings: Manual Caching Of Documents. Provides caching only to those files that users specifically identify for offline use. This caching option is ideal for a shared folder containing files that several people will access and modify when not on the network. Manual caching is the default option when you create a new share. Automatic Caching of Documents. Makes every file in a shared folder cache to a local computer automatically when the computer first accesses the share. When you open a cached document from a client computer, the cached copy is used, but the original document on the share is also opened to prevent other people from changing the file while you have it open.
58
Automatic Caching of Programs and Documents. Provides automatic, read-only caching of files from the share. This is ideal for shares containing static configuration files for network-based applications and for providing access to documents that are not intended for editing by others. 4. Click OK. In the Caching Settings window, you can also disable caching for a shared resource by clearing the Allow caching of files in this shared folder check box.
59
What Is the Folder Redirection Process?
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Folder redirection allows network administrators to change the path of a folder on a users computer to point to a different location. This new location can be another folder on the users local computer or a network share. This feature helps Information Technology (IT) departments to reduce the administrative costs of managing large numbers of users and all of the data that those users generate and require access to. Redirection is implemented by an extension to the Group Policy. Only five folders can be redirected on a computer running Windows XP or Windows 2000 Professional:
! ! ! ! !
Implementation
My Documents My Pictures Application Data Desktop Start menu
A user can determine to where one of these folders is being redirected by rightclicking on the folder and clicking Properties. The Target folder location field specifies to where the folder is currently being redirected. Advantages of redirection Folder redirection provides a number of advantages to network administrators:
!
Improved roaming user profile performance. With folder redirection properly configured, not all of the data in the user profile is transferred to the desktop each time the user logs ononly the data the user requires. Data stored on a shared network server can be backed up as part of routine system administration. This is safer and it requires no action on the part of the user. Data specific to a user can be redirected to a different hard disk on the users local computer from the hard disk holding the operating system files. This protects the users data if the operating system must be reinstalled.
60

!
When the user logs on to different computers, folder redirection can make the same documents available to the user from any computer on the network. Administrators can use Group Policy to set disk quotas, limiting the amount of space taken up by users folders.
Redirection and offline files
Folder redirection and offline files can be effectively combined. When combined with folder redirection, offline files improve the availability and reliability of the redirected files. For example, if a company has a sales associate who often travels with her portable computer, an administrator can configure the sales associates My Documents folder to be redirected to a server share, which simplifies data backup, and then configure Automatic Caching of Documents for that share to ensure that she always has access to her files while away from the office.
61
How to Troubleshoot Access to Offline Files
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction When troubleshooting access to offline files, you should first determine if an offline files issue is a caching issue or a share permissions issue. If you believe it to be a share permissions issue, see the topic How to Troubleshoot Access to Shared Files and Folders in this module. Note Windows XP Home Edition does not provide the offline files feature. Troubleshooting offline files configuration issues When troubleshooting offline files, you may encounter issues relating to offline files configuration. Some of these issues and their solutions are:
!
The user cannot enable offline files. Ensure that fast user switching is disabled. Offline files are not compatible with fast user switching. The user is unable to make certain files available for offline use. Some types of files cannot be synchronized for offline use, including Microsoft Outlook Personal Folders files (.pst) and files with the .dbf extension, which may be database files or Microsoft Outlook Express folders. If shared files are open when the user synchronizes, that is, in use by someone else or by another running process, the user cannot make these files available offline. Instruct the user to ensure that the shared resources are not in use by any user. It might be helpful for the user to restart the computer and try to make the shared resource available offline again.
62

!
The user is unable to make encrypted files available offline. This can happen for several reasons: The user is not an administrator on the local computer. The local volume is not formatted as NTFS, or it does not support encryption. A system administrator has implemented an encryption policy for offline caching. The users computer is running Windows XP Home Edition. Offline files are not available in Windows XP Home Edition.
Note When users select files that are already encrypted for offline access, the local cached copies will be unencrypted. Working offline with decrypted files can be dangerous, especially when using a portable computer; because these systems have a high rate of theft and intrusion. Encourage users not to work offline with decrypted files. Troubleshooting synchronization issues When troubleshooting offline files, you might encounter issues relating to synchronization. Some of these issues and their solutions are:
!
The user is prompted to keep the original copy, the offline copy, or both. This indicates that the original shared copy has been changed in the users absence. Always instruct the user to keep both copies and to check with the network administrator regarding how to merge the offline file changes into the shared copy. The user has deleted an offline file but the shared copy of the file is still on the network share. This is expected behavior. It indicates that another user has made a change to the shared file because the user last synchronized the shared file to the offline file. Instruct the user to either ignore the file or determine who changed the network copy of the file. The user is receiving synchronization errors at various times when away from the network. Whenever the users computer connects to any network, Windows will attempt to resynchronize offline files. The user can either safely ignore these messages or attempt to reconfigure the synchronization and caching settings in the Advanced dialog box of the Offline Files tab of the Windows Explorer Tools menu.
Folder redirection issues
The user is unable to browse the My Documents folder from within Windows Explorer. Check the redirection setting of the My Documents folder. It has most likely been redirected to a network share. This behavior is expected, and the user should access the My Documents folder directly from the My Documents desktop shortcut instead of Windows Explorer.
63
Practice: Troubleshooting Access to Offline Files
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will configure a shared folder and its contents to be available offline using offline files. You will also configure offline settings for the shared folder, and then determine if a folder is being redirected to the server.
Practice
! Configure a shared folder and its contents to be available offline using

offline files 1. Log on to the domain as ComputerNameUser with the password P@ssw0rd. 2. Click Start, and then Run. 3. In the Open window, type \\London then click OK. 4. In the London window, right-click rahelp, and then select Make Available Offline. 5. On the Offline Files Wizard page, click Next. 6. Ensure that the Automatically synchronize the Offline Files when I log on and log off my computer check box is enabled, and then click Next. 7. Click Finish. 8. Close all windows.
64
! Configure offline settings for the shared folder

1. Log on to the domain as ComputerNameAdmin with the password P@ssw0rd. 2. Click Start, and then click My Computer. 3. In the My Computer window, click Tools, and then click Folder Options. 4. On the Offline Files tab, on the slide bar labeled Amount of disk space to use for temporary offline files, decrease the amount of disk space to use for temporary offline files to five percent of the drive. 5. Select the Encrypt offline files to secure data check box. 6. Click View Files. 7. Close the Offline Files Folder window. 8. In the Folder Options window, click OK. 9. Close all windows.
! Determine if a folder is being redirected to the server

1. Click Start, right-click My Documents, and then click Properties. What is listed in the Target field of the My Document Properties dialog box? ____________________________________________________________ C:\Documents and Settings\ComputerNameAdmin\My Documents. Has your My Documents folder been redirected or is it local? ____________________________________________________________ Local. 2. Close the My Documents Properties window.
! Determine if a folder is being redirected to the server again

1. When told to do so by the instructor, click Start, and then click Run. 2. In the Open window, type gpupdate /force then click OK. 3. In the command prompt window, type y and then press ENTER. 4. Log on to the domain as ComputerNameUser with the password P@ssw0rd.
65
5. Click Start, right-click My Documents, and then click Properties. What is listed in the Target field of the My Document Properties dialog box? ____________________________________________________________ \\London\usertestdata$\ComputerNameUser\My Documents. Has your My Documents folder been redirected or is it local? ____________________________________________________________ Redirected. 6. Close all windows and log off.
66
Lab: Resolving File and Folder Issues
*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives Scenario After completing this lab, you will be able to troubleshoot file and folder issues. In this exercise, you will examine a sample phone call from a customer and determine the best solution for the customer. Be prepared to discuss your solution with the class. You are a DST at a large corporation. You receive calls from employees who are working on Windows XP and Windows 2000 Professional. You receive a call from a customer who says, My company gave me a laptop computer to use for the next two months because I will be traveling. I have the computer networked with our home computer so that I can share the Internet connection when I am home. I need to finish preparing our taxes before the end of the month, so I want to transfer our financial information to the laptop computer so that I can work on the taxes at the hotel. However, Im concerned about the laptop getting stolen and someone having all of my private information. When I am at home, I want to use our computer to work on the taxes because it is faster. Can you help me transfer files to the laptop computer? And is there a way to have my files synchronize automatically between my laptop and my desktop? How do I configure that?
67
Oh, and while we are talking, can you help me secure my files on my home computer? Is there a way that I can keep certain files safe from my seven-yearold son while allowing him to access other files? I have him logging in on a different account from mine. Both computers, by the way, are running Windows XP Professional. Guide the caller through the steps to set up the laptop to use offline files and to encrypt the files. Also help the caller through the steps to set up NTFS permissions on files on the desktop to prevent the sons account from accessing certain files and folders. _______________________________________________________________ _______________________________________________________________ _______________________________________________________________
THIS PAGE INTENTIONALLY LEFT BLANK

Module 4: Resolving File and Folder Issues

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Module 4: Resolving File and Folder Issues

Uploaded by

Copyright:

Available Formats

Module 4: Resolving File and Folder Issues